sudo permissions for jenkins
David Caro
dcaroest at redhat.com
Thu Jul 25 18:04:41 UTC 2013
On Tue 23 Jul 2013 10:48:46 PM CEST, Ewoud Kohl van Wijngaarden wrote:
> On Tue, Jul 23, 2013 at 04:27:08PM -0400, Mike Burns wrote:
>> I have a task that is currently not allowed due to the current sudo
>> rules. I need to be able to run the edit-node tool to generate
>> ovirt-node isos containing vdsm. This tool requires root or sudo
>> access.
>>
>> The problem is that I'm extracting the tool from its rpm since it's
>> generated in a different jenkins job. The execution is done with a
>> command like this:
>>
>> sudo ${WORKSPACE}/edit-node <options>
>>
>> AFAIK, this can't be handled in the sudoers file in any easy way.
>>
>> Any suggestions? Or maybe simply enable universal passwordless sudo?
>
> I was wondering the same thing in http://gerrit.ovirt.org/17261. Since
> we already give permission to yum and cp to /etc/yum.repos.d, it's not
> hard to get some package to install extra sudo rules for yourself and
> have full sudo.
Yep, but we need it in order to be able to run the jobs, if we don't
want to set up a complicated permission system.
I agree with quaid, we can just add ssh access for us and give full
sudo access to the jenkins user and our users, afaik the only sensitive
information that is there is the hashed password for admin users in the
shadow file, but if we allow passwordless sudo to our users too we do
not need to set up any password in the system (that means changes in the
users class too btw).
--
David Caro
Red Hat Czech s.r.o.
Continuous Integration Engineer - EMEA ENG Virtualization R&D
Tel.: +420 532 294 605
Email: dcaro at redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
RHT Global #: 82-62605
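
An added example, not part of the original thread: a small audit that flags sudoers entries that already amount to full root, covering the cases raised above (a binary under the Jenkins workspace, yum, and cp into /etc/yum.repos.d). The sample rules, the /var/lib/jenkins path and the function names are constructed assumptions, not the oVirt infra's actual configuration.

```python
import re

PKG_MANAGERS = {"yum", "rpm", "dnf", "apt-get", "dpkg"}
FILE_WRITERS = {"cp", "mv", "tee", "install"}
# user  host = (runas) NOPASSWD: command[, command...]
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?:NOPASSWD:\s*)?(.+)$")

# Constructed sample rules (assumption: not a real site's sudoers file).
SAMPLE_SUDOERS = """\
# constructed example
jenkins ALL=(ALL) NOPASSWD: /usr/bin/yum
jenkins ALL=(ALL) NOPASSWD: /bin/cp * /etc/yum.repos.d/
jenkins ALL=(ALL) NOPASSWD: /var/lib/jenkins/workspace/*/edit-node
jenkins ALL=(ALL) NOPASSWD: /sbin/service libvirtd status
jenkins ALL=(ALL) NOPASSWD: ALL
"""

def classify(command, user_dirs):
    """Return why a sudo command spec is root-equivalent, or None."""
    argv = command.split()
    if not argv:
        return None
    if argv == ["ALL"]:
        return "unrestricted"
    path, name = argv[0], argv[0].rsplit("/", 1)[-1]
    # The invoking user can replace anything under a directory they own.
    if any(path.startswith(d.rstrip("/") + "/") for d in user_dirs):
        return "binary in user-writable directory"
    if name in PKG_MANAGERS:
        return "package manager installs arbitrary files as root"
    if name in FILE_WRITERS and any(a.startswith("/etc/") for a in argv[1:]):
        return "writes root-trusted configuration"
    return None

def audit(sudoers_text, user_dirs):
    """Return (line number, user, command, reason) for each risky rule."""
    findings = []
    for lineno, line in enumerate(sudoers_text.splitlines(), 1):
        line = line.strip()
        m = None if line.startswith(("#", "Defaults")) else RULE.match(line)
        if not m:
            continue
        for command in (c.strip() for c in m.group(2).split(",")):
            reason = classify(command, user_dirs)
            if reason:
                findings.append((lineno, m.group(1), command, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SUDOERS, ["/var/lib/jenkins"]):
        print(finding)
```

Every flagged line is equivalent to the last one in practice, which is the trade-off the thread is weighing against a more complicated permission system.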